WordPress 3.3.2 & 3.4 Beta 3 Released

WordPress 3.3.2 and 3.4 Beta 3 have been released.
WordPress 3.3.2

Fixes:

  • Plupload (version 1.5.4), which WordPress uses for uploading media.
  • SWFUpload, which WordPress previously used for uploading media, and may still be in use by plugins.
  • SWFObject, which WordPress previously used to embed Flash content, and may still be in use by plugins and themes.

  • Limited privilege escalation where a site administrator could deactivate network-wide plugins when running a WordPress network under particular circumstances, disclosed by Jon Cave of our WordPress core security team, and Adam Backstrom.
  • Cross-site scripting vulnerability when making URLs clickable, by Jon Cave.
  • Cross-site scripting vulnerabilities in redirects after posting comments in older browsers, and when filtering URLs. Thanks to Mauro Gentile for responsibly disclosing these issues to the security team.

Changelog: From WordPress 3.3.1
Download: WordPress 3.3.2

WordPress 3.4 Beta 3

  • 90 bugs have been fixed since beta 2

Changelog: From WordPress 3.4 Beta 2
Download: WordPress 3.4 Beta 3

2 thoughts on “WordPress 3.3.2 & 3.4 Beta 3 Released”

  1. Mumen

    I post here because comments seem to be disabled for the following post:

    http://lesterchan.net/wordpress/2008/07/17/how-to-turn-off-post-revision-in-wordpress-26/

    and I have an important bug to tell you about in this code:

    -- Deletes every revision together with the term relationships and post meta joined to it
    DELETE a,b,c
    FROM wp_posts a
    LEFT JOIN wp_term_relationships b ON (a.ID = b.object_id)
    LEFT JOIN wp_postmeta c ON (a.ID = c.post_id)
    WHERE a.post_type = 'revision';

    The problem is that this code can possibly delete some wrong ‘wp_term_relationships’ records…

    In this table, the field ‘object_id’ is *not only* dedicated to setting a relationship with the posts table, but with others too. For example, the ‘links’ table can also be connected with an ID which could possibly (but quite rarely) be the same as a deleted revision.

    I wish to explain the problem to you and also to see with you if the following rule I suggest is correct:

    In this case, only ‘wp_term_relationships’ records that are connected to a ‘term_taxonomy’ whose taxonomy is ‘category’ should be suppressed.
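
The ID collision described in the comment above, reproduced as an added example (not code from the original post or from the commenter). It assumes constructed rows in SQLite tables that reuse the WordPress core table and column names, uses the `link_category` taxonomy for the link row, and uses SELECTs as stand-ins for MySQL's multi-table DELETE to show which `wp_term_relationships` rows each variant would remove.

```python
import sqlite3

def build_db():
    """Constructed sample data; table and column names follow WordPress core."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE wp_posts (ID INTEGER PRIMARY KEY, post_type TEXT);
        CREATE TABLE wp_links (link_id INTEGER PRIMARY KEY, link_name TEXT);
        CREATE TABLE wp_term_taxonomy (term_taxonomy_id INTEGER PRIMARY KEY, taxonomy TEXT);
        CREATE TABLE wp_term_relationships (object_id INTEGER, term_taxonomy_id INTEGER);
        INSERT INTO wp_posts VALUES (1, 'post'), (7, 'revision');
        INSERT INTO wp_links VALUES (7, 'example link');  -- same ID as revision 7
        INSERT INTO wp_term_taxonomy VALUES (1, 'category'), (2, 'link_category');
        INSERT INTO wp_term_relationships VALUES
            (1, 1),  -- post 1 filed under a category
            (7, 1),  -- revision 7 filed under a category
            (7, 2);  -- link 7 filed under a link category
    """)
    return db

# Term-relationship rows (alias b) matched by the join in the quoted DELETE.
ORIGINAL = """
    SELECT b.object_id, b.term_taxonomy_id
    FROM wp_posts a
    JOIN wp_term_relationships b ON a.ID = b.object_id
    WHERE a.post_type = 'revision'
"""

# Same join plus the rule suggested in the comment: 'category' relationships only.
RESTRICTED = """
    SELECT b.object_id, b.term_taxonomy_id
    FROM wp_posts a
    JOIN wp_term_relationships b ON a.ID = b.object_id
    JOIN wp_term_taxonomy t ON t.term_taxonomy_id = b.term_taxonomy_id
    WHERE a.post_type = 'revision' AND t.taxonomy = 'category'
"""

def rows_hit(db, query):
    """Return the (object_id, term_taxonomy_id) pairs the query would delete."""
    return sorted(db.execute(query).fetchall())

def surviving_link_terms(db, query):
    """Delete what the query matches, then count link 7's remaining link categories."""
    for pair in rows_hit(db, query):
        db.execute("DELETE FROM wp_term_relationships "
                   "WHERE object_id = ? AND term_taxonomy_id = ?", pair)
    return db.execute("""SELECT COUNT(*) FROM wp_term_relationships r
        JOIN wp_term_taxonomy t USING (term_taxonomy_id)
        WHERE r.object_id = 7 AND t.taxonomy = 'link_category'""").fetchone()[0]

if __name__ == "__main__":
    print("original join hits:  ", rows_hit(build_db(), ORIGINAL))
    print("restricted join hits:", rows_hit(build_db(), RESTRICTED))
```
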
